This isn't my PC but my soon to be daughter-in-law's, running Vista Home Premium.

I ran MBAM to remove the most severe visible problems stemming from what I believe was a Security Antivirus infection. However, I'm still seeing a popup / task-bar icon for "Check you computer security. There are multiple security problems with your computer. Click here..."

Below is the DDS log and I'm attaching the attach.txt. I tried running GMER twice. The first time resulted in a page fault error in a nonpaged area and the second time it stopped and tried to connect to the internet but that didn't help.

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.

Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.

Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.

Disconnect from the Internet or physically unplug your Internet cable connection.

Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver. Temporarily disable your anti-virus and real-time anti-spyware protection.

After starting the scan, do not use the computer until the scan has completed.

When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Extract RootRepeal.exe from the zip archive.

Open on your desktop.

At the top of the window, click Settings, then Options.

Click the Ssdt & Shadow Ssdt Tab.

Make sure the box next to "Only display hooked functions." is checked.

Click the "X" in the top right corner of the Settings window to close it.

Click the tab.

Click the button.

Check all seven boxes:

Push Ok

Check the box for your main system drive (Usually C:), and press Ok.

Allow RootRepeal to run a scan of your system. This may take some time.

Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

First, as this computer does not have an antivirus installed on it currently, it would be wise to have this machine disconnected from the internet at all times other than when following instructions given. Please do not install an Antivirus on the machine yet! Some of the fixes we will be doing will require all antivirus software to be disabled anyways, and it will be much easier to just hold off on installing the AV until later. We will definitely take care of that before we're finished though.

***************************************************

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.

VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.

Double click on renamed.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.

Referring to the picture above, drag CFScript into renamed.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~Blade

In your next reply, please include the following:

ComboFix Log

How is the computer running now?

Yes. . . this is a legitimate windows warning. It is caused by you not having an antivirus installed. We will address that now.

You are missing one critical kind of program on your computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as possible and run a complete scan of the computer. Without an antivirus you will become infected on a regular basis.

Two good antivirus programs free for non-commercial home use are Avast! and Antivir.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Let me know if the warning is still there after installing and updating your antivirus of choice.
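The helper's advice above is that exactly one antivirus should be installed and active. The script below is an added example, not something posted in this thread or shipped by any of the tools mentioned: it asks Windows Security Center which antivirus products are registered and flags the case where more than one has real-time protection switched on. It assumes Windows Vista or later (Security Center exposes the root\SecurityCenter2 WMI namespace there; XP used root\SecurityCenter), and the decoding of the productState value is the commonly used but undocumented interpretation, so treat it as an assumption. It only reads state; it does not change anything.

```powershell
# Added example (not from the thread): list every product registered with Windows
# Security Center and warn when more than one has real-time protection on.
# Assumes Vista or later (root\SecurityCenter2). Run from an elevated prompt.
# Windows Defender on Vista is an anti-spyware product, so pass -Class AntiSpywareProduct
# to see it; the default class lists antivirus products.

function Get-RegisteredSecurityProduct {
    param([string]$Class = 'AntiVirusProduct')

    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $Class -ErrorAction Stop

    foreach ($p in $products) {
        # productState is a packed DWORD. Decoding below is the widely used, undocumented
        # interpretation (an assumption, not a published specification):
        #   hex digits 3-4 : real-time protection, 10 or 11 = on, 00 or 01 = off
        #   hex digits 5-6 : signatures, 00 = up to date, 10 = out of date
        $hex  = '{0:X6}' -f [int]$p.productState
        $rt   = $hex.Substring(2, 2)
        $defs = $hex.Substring(4, 2)

        New-Object PSObject -Property @{
            DisplayName        = $p.displayName
            RealTimeEnabled    = ($rt -eq '10' -or $rt -eq '11')
            DefinitionsCurrent = ($defs -eq '00')
            ProductStateHex    = $hex
            Path               = $p.pathToSignedProductExe
        }
    }
}

$av = @(Get-RegisteredSecurityProduct -Class 'AntiVirusProduct')
$av | Format-Table DisplayName, RealTimeEnabled, DefinitionsCurrent, ProductStateHex -AutoSize

$active = @($av | Where-Object { $_.RealTimeEnabled })
if ($av.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Security Center; install one.'
} elseif ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.DisplayName }) -join ', '
    Write-Warning ('{0} products have real-time protection on; keep one and uninstall the rest: {1}' -f $active.Count, $names)
} elseif ($active.Count -eq 0) {
    Write-Warning 'An antivirus is registered but none has real-time protection enabled.'
} else {
    Write-Host ('Exactly one active antivirus: ' + $active[0].DisplayName)
}
```

Running the same function with -Class AntiSpywareProduct shows whether Windows Defender is still reporting itself as active after being set to never run, which is the follow-up question raised in this thread; the script only inspects the registration, and uninstalling or disabling a product is still done through that product's own settings or Add/Remove Programs.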

Whether it was coincidence or something more, the computer suffered a BSOD for a REFERENCE_BY_POINTER during the Antivir scan.

I've rebooted and will try scanning again.

A question about the system configuration: Currently, Windows Security Center, under the Malware Protection heading, shows that Antivir and Windows Defender are both turned on. I set WinDefender to never run, but is there more that I should do to ensure that only AntiVir is running? (I also removed Super AntiSpyware from this machine to make AntiVir the only antivirus product that is running.)

It sounds like you've got it set up correctly. Just a little bit more to do here.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

Read the License Agreement, and then check the box that says: "Accept License Agreement".

Click Continue and the page will refresh.

Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.

Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.

Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.

Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

***************************************************

Your Adobe Reader is out of date. Please uninstall it through Add/Remove Programs and download the latest version from Adobe: Download. Please untick all proposed toolbars unless you really want them.

***************************************************

Also, please generate a new DDS.txt and Attach.txt log using the DDS tool.
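The Java steps in the post above rely on spotting every older Java Runtime Environment entry in Add/Remove Programs by eye, and the helper notes that the auto-updater leaves older versions behind. The script below is an added example, not part of this thread or of any tool it mentions: it reads the same Add/Remove Programs entries from the registry, sorts them by version, and reports which ones are older than the newest installed runtime, so nothing is missed. It assumes the entries live under the two standard Uninstall registry keys (the Wow6432Node key exists only on 64-bit Windows), that JRE entries carry a numeric DisplayVersion such as 6.0.180 for Java 6 Update 18, and that the Java Quick Starter service is registered under the name JavaQuickStarterService; all three are assumptions, and the script only reports, it uninstalls nothing.

```powershell
# Added example (not from the thread): find every Java runtime listed in
# Add/Remove Programs and report the ones older than the newest installed version.
# Read-only: uninstalling is still done through Add/Remove Programs as described above.

function Get-InstalledJava {
    # Assumption: Add/Remove Programs is populated from these two Uninstall keys.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' } |   # broad on purpose; review the list
        ForEach-Object {
            # Parse DisplayVersion into [version] so entries sort numerically rather than as text;
            # anything unparseable sorts to the bottom as 0.0.
            $parsed = $null
            try { $parsed = [version]$_.DisplayVersion } catch { $parsed = [version]'0.0' }

            New-Object PSObject -Property @{
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                Version         = $parsed
                UninstallString = $_.UninstallString
                RegistryKey     = $_.PSPath
            }
        }
}

function Get-StaleJava {
    # Everything except the single highest version is a candidate for removal.
    $all = @(Get-InstalledJava | Sort-Object Version -Descending)
    if ($all.Count -le 1) { return @() }
    $all | Select-Object -Skip 1
}

Get-InstalledJava | Sort-Object Version -Descending |
    Format-Table DisplayName, DisplayVersion, UninstallString -AutoSize

$stale = @(Get-StaleJava)
if ($stale.Count -gt 0) {
    Write-Warning ('{0} older Java entries should be removed via Add/Remove Programs:' -f $stale.Count)
    $stale | ForEach-Object { Write-Warning ('  ' + $_.DisplayName + ' (' + $_.DisplayVersion + ')') }
} else {
    Write-Host 'No older Java versions found alongside the newest one.'
}

# Java Quick Starter service mentioned in the post; service name is an assumption.
$jqs = Get-Service -Name 'JavaQuickStarterService' -ErrorAction SilentlyContinue
if ($jqs) { Write-Host ('Java Quick Starter service is present, status: ' + $jqs.Status) }
```

The DisplayName match is deliberately broad, so the table may include items such as JavaFX or a Java DB entry alongside the runtimes; read the list before removing anything, and run the script again after the reboot the post calls for to confirm only the newly installed version remains.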